Hi. I have a problem, when trying to use embedded login page. Version of SM is: [EMAIL PROTECTED] ~/www/site8/public_html]$ cat ./version LOCALE_VERSION=1.4.13 So.. I have created login page such as at http://www.squirrelmail.org/wiki/EmbeddedSquirrelMailLogin
When user logs in from this page at first time - SM sets a cookie - SMSESSID and KEY. If user closes this page(not using button log out, but simply closing the page), the next time, when he tries to log in, the value of the cookie SQMSESSID does not override. Because of this, he can modify data(For example - modify e-mail address and reverse email address) of previous successfully logged user from the same machine. Value of KEY cookie is override. -- Banchshikov Dmitry Tech support PeterHost.ru ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: [email protected] List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
